Table of Contents
Advertisement
Chapter 16
Security Audit
AutoSecure Features Implemented Differently in SDM
Security Configurations SDM Can Undo
OL-4015-08
Configuring AAA—If the Authentication, Authorization, and Accounting
•
(AAA) service is not configured, AutoSecure configures local AAA and
prompts for configuration of a local username and password database on the
router. SDM does not support AAA configuration.
Setting SPD Values—SDM does not set Selective Packet Discard (SPD)
•
values.
Enabling TCP Intercepts—SDM does not enable TCP intercepts.
•
Configuring anti-spoofing ACLs on outside interfaces—AutoSecure creates
•
three named access lists used to prevent anti-spoofing source addresses. SDM
does not configure these ACLs.
Disable
SNMP—SDM will disable SNMP, but unlike AutoSecure, it does not
•
provide an option for configuring SNMP version 3.
Enable SSH for Access to the
•
on crypto Cisco IOS images, but unlike AutoSecure, it will not enable Service
Control Point (SCP) or disable other access and file transfer services, such as
FTP.
This table lists the security configurations that SDM can undo.
Security Configuration
Disable Finger Service
Disable PAD Service
Disable TCP Small Servers Service
Disable IP BOOTP Server Service
Disable IP Identification Service
Disable CDP
Disable IP Source Route
Cisco Router and Security Device Manager Version 2.2 User's Guide
Security Configurations SDM Can Undo
Router—SDM will enable and configure SSH
Equivalent CLI
No service finger
No service pad
No service tcp-small-servers
no service udp-small-servers
No ip bootp server
No ip identd
No cdp run
No ip source-route
16-27
Advertisement
Table of Contents
Troubleshooting
